Keycloak update of user role not reflected in Flowable - keycloak

I am using Flowable version 6.7.2 with Keycloak, and I have created the realm from the doc, although the Flowable 6.7.2 docker-compose file has its own realm JSON in the Keycloak YAML file.
After completing all the steps from the doc, while testing I changed the role of the user, but it is not reflected in Flowable for the user. For role updates, Flowable users need to re-login to the server.
Are there any config changes to fix this glitch, or does it work like this only?

Related

Keycloak external database configuration and Login Events expiration

I was reading Keycloak documentation about Login Events and configuring external database and I could not find the answers for the following:
What is the maximum expiration time for Login Events for its built in database?
If nothing is configured for expiration time in Admin Console, what will be the default value?
If I configure external database does that mean that all Keycloak schema is generated and data persisted in external database or can I specify to persist only Login Events there?
UPDATE: I managed to find the answers:
Maximum expiration time is forever.
If nothing is configured for expiration time in Admin Console, the default value is 0, which means never expire.
Configuring an external database means that all Keycloak schema is generated automatically upon deployment and all data will be persisted in the configured external data source.

MongoDB Realm all users automatically logging out after deployment

I am using MongoDB Realm for authentication in my REST API written in Node.js.
When I do the deployment, the Realm authorization token expires for all the users. My assumption is that MongoDB Realm is creating temp files inside the application directory and using them for authorization. Users are getting logged out because these files are getting deleted during the deployment.
If anyone has some idea, please help me out.
Are these temporary files needed?

Creating admin in imported realm

I've launched keycloak locally from a docker container with
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin
Then I've imported a realm (let's call it test-realm) from a json file by POSTing to {keycloak_host}/admin/realms. This works, the realm is created.
It's created without any initial users though. I want to create the users via curl as I want to automatize the whole process (start keycloak server, import realm, create users from json) in the future.
I'm aware of {keycloak_host}/admin/realms/test-realm/users of course. The problem is that POSTing to that end point already requires credentials (e.g. a JWT) from an admin account on test-realm. Or am I mistaken in this assumption?
My question is, how do I create that first admin account on test-realm having access to an admin on master. Or do I even need it to create users on test-realm through curl?
Turned out you can include a users key in the json realm representation. The value is an array of user representations as of version 4.5 of keycloak. So problem solved.
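The approach from the post above, as an added example that is not part of the original post: a realm representation carrying a `users` array, imported with a token from the master realm's admin account. The base URL (including the `/auth` prefix), the role `app-user`, the user `alice` and its password are assumptions; `admin`/`admin` and `test-realm` come from the post.

```shell
#!/bin/sh
# Added example. KEYCLOAK_HOST (with /auth prefix), "app-user" and "alice"
# are assumptions; admin/admin is the master login used in the post.
KEYCLOAK_HOST="${KEYCLOAK_HOST:-http://localhost:8080/auth}"

# Realm representation with a "users" array, so no admin on test-realm is needed.
# "temporary": true makes Keycloak require a password change at first login.
realm_json() {
cat <<'EOF'
{
  "realm": "test-realm",
  "enabled": true,
  "roles": { "realm": [ { "name": "app-user" } ] },
  "users": [
    {
      "username": "alice",
      "enabled": true,
      "realmRoles": [ "app-user" ],
      "credentials": [
        { "type": "password", "value": "change-me-on-first-login", "temporary": true }
      ]
    }
  ]
}
EOF
}

# Pull access_token out of the token endpoint's JSON response (no jq needed).
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Log in to the master realm via admin-cli, then POST the realm to /admin/realms.
import_realm() {
  token=$(curl -sf \
    -d 'grant_type=password' -d 'client_id=admin-cli' \
    -d 'username=admin' -d 'password=admin' \
    "$KEYCLOAK_HOST/realms/master/protocol/openid-connect/token" | extract_token)
  [ -n "$token" ] || { echo "no token from master realm" >&2; return 1; }
  realm_json | curl -sf -X POST "$KEYCLOAK_HOST/admin/realms" \
    -H "Authorization: Bearer $token" \
    -H 'Content-Type: application/json' --data-binary @-
}

# Contact the server only when asked, e.g.: sh import-realm.sh run
if [ "${1:-}" = "run" ]; then import_realm; fi
```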

Keycloak role-ldap-mapper sync

I am struggling with the keycloak role-ldap-mapper. We have an Active Directory Service internally where Users can ask for roles. Roles are assigned/removed by another tool and saved into the memberOf Attribute in AD.
Keycloak imports the roles correctly at the user's first login, but somehow when the user is already there and roles are updated in AD, they are not synchronized to Keycloak. I just want roles to be synchronized regularly from AD to Keycloak, not the other way around (I am not supposed to write into the AD).
Is it a Bug? Works as Designed, or am I configuring something in the wrong way?
I am running 2 instances, Version 3.1.0 and 3.4.1.
I already played around with the LDAP - periodic synchronize changed/full feature but no success.
Do I have to specify the memberOf Attribute somehow specifically to be synchronized?
Thx for help.
Solution found:
I have updated Keycloak to the newest Version (3.4.3). Now it works for me. Seems to be an issue in the previous versions.

Keycloak role policies are not persisted correctly

Keycloak does not seem to save any modifications I make to role policies.
When I configure my role policy inside keycloak and I click save, there is indeed a row added in the POLICY_CONFIG table inside my database. However when I reload the policy page inside the keycloak admin interface, the policy is empty again. I am not seeing any error inside the logs.
Steps to reproduce
Configure policy
Save policy (successful)
Reload policy page
All fields are empty again. I waited a minute but nothing is being loaded.
Oracle database
POLICY_CONFIG table
ID: 13b25a3a-95f9-4fb7-bbed-bb758c887c8d
TYPE: roles
VALUE: [{"id":"fac49c05-2e78-40a3-98cc-e6206188ed8c","required":false},{"id":"a141db57-51b5-469d-9266-4bd14fcd024e","required":false},{"id":"679dbf0e-47da-449a-832a-280c766381f4","required":false},{"id":"c4993ff8-32fa-4731-9b50-2b75084d1974","required":false},{"id":"cdc2ac65-7bde-4883-a2b7-7a4af56770e1","required":false}]